opuppet/module-sshd
5
0
Fork 0
Code Issues Pull requests Releases Wiki Activity
220 commits 2 branches 0 tags 297 KiB
Commit graph

22 commits

Author SHA1 Message Date
Silvio Rhatto
57d8883d48 Removing sshd_use_strong_ciphers parameter as sshd_hardened_ssl does the job 2011-07-13 18:41:59 -03:00
Silvio Rhatto
99928cd61e Merge branch 'master' of git://labs.riseup.net/shared-sshd 2011-07-13 18:39:18 -03:00
intrigeri
34863e959f New opt-in support to only use strong SSL ciphers and MACs. 
The new configuration variable is $sshd_hardened_ssl.
Settings were stolen from https://github.com/ioerror/duraconf.git.
 2011-06-21 00:27:55 +02:00
Silvio Rhatto
4d73d3784e Changing strong cipher to aes128-crt 2011-02-23 14:46:20 -03:00
Silvio Rhatto
9ac4697eb5 Changing parameter name sshd_perfect_forward_secrecy to sshd_use_strong_ciphers as sshd already does PFS 2011-02-23 14:25:18 -03:00
Micah Anderson
ac240412cc remove HostbasedUsesNameFromPacketOnly yes from Debian sshd_config templates. This is not set in the Debian templates by default, and the default is actually no, not yes. If someone wishes to make a configuration variable they can, otherwise head/tail_additional options can be used 2011-02-21 12:45:49 -05:00
Silvio Rhatto
474b23271d Merge branch 'master' of git://labs.riseup.net/shared-sshd 
Conflicts:
	templates/sshd_config/Debian_squeeze.erb
 2011-02-19 18:08:02 -02:00
Silvio Rhatto
505692a72e Merge branch 'master' of git://labs.riseup.net/shared-sshd 2011-02-13 15:13:10 -02:00
Silvio Rhatto
30a4593a05 Introducing perfect forward secrecy for SSH 2010-12-16 20:20:53 -02:00
Micah Anderson
167cf53271 "ChallengeResponseAuthentication no" was being hardcoded later in the Debian Lenny sshd_config template, even though we offer it as a variable. With this commit, the variable will actually work, rather than be overriden 2010-12-14 13:41:05 -05:00
mh
7e6d3af6f8 lenny already has AcceptEnv by default 2010-10-21 15:31:31 +02:00
intrigeri
8cb562f87c Syntax fix. 2010-10-16 22:32:25 +02:00
intrigeri
a643172a79 New option sshd_ports that obsoletes sshd_port. 
Backward compatibility is preserved.
 2010-10-16 16:05:00 +02:00
intrigeri
23efb583bf Cleanup templates: sshd_port is guaranteed by init.pp not to be empty. 2010-10-16 16:01:24 +02:00
intrigeri
0615dc635c Actually allow enabling ChallengeResponseAuthentication on Debian Lenny. 2010-10-03 19:56:04 +02:00
Silvio Rhatto
bbc03d2c10 PrintMotd using default OpenSSH setting 2009-12-27 14:01:55 -02:00
Micah Anderson
93e2f4d4c0 Template out the possibility of specifying the key word 'off' to the 
$sshd_port parameter, which simply puts a comment in front of that
option, rather than specifying it.
 2009-07-07 20:55:13 -04:00
Micah Anderson
f44776cbbf replace the sshd_additional_options variable with two, one called 
sshd_head_additional_options and one called sshd_tail_additional_options.
the first puts the value at the beginning of the file, and the second at
the end.

This is necessary due to some option ordering requiring things to be
before others
 2009-07-07 20:52:40 -04:00
Micah Anderson
78938cde2a Fix location of default sftp-server on Debian, and uncomment the sftp 
configuration line to get the sshd_config file defaults to be more
like the standard shipped defaults from Debian
 2008-12-07 12:15:41 -05:00
Micah Anderson
1f25b213e1 Debian's sshd config typically has PrintMotd no set because its already printed via PAM. 
Without it set, it is defaulted to 'yes', which results in the MOTD being printed twice, so
we return the Debian default configuration in this commit
 2008-10-27 15:45:11 -04:00
mh
96bbe0adb8 new options, cleaned up real_ hack 
git-svn-id: https://svn/ipuppet/trunk/modules/sshd@2527 d66ca3ae-40d7-4aa7-90d4-87d79ca94279
 2008-10-20 22:46:50 +00:00
mh
9ce186f5c3 merged with riseup 
git-svn-id: https://svn/ipuppet/trunk/modules/sshd@2263 d66ca3ae-40d7-4aa7-90d4-87d79ca94279
 2008-09-29 22:37:26 +00:00